VDA President Hildegard Müller regarding NIS 2 Directive

"The goal of the NIS 2 Directive is good and right: Europe's cyber resilience must be strengthened. At the same time, it has to be implemented in a practical, efficient, and proportionate way. However, in the current situation, companies must not be burdened unnecessarily, which is why the draft legislation currently requires improvements.

One possible adjustment, for example, is to make reporting procedures completely digital and interoperable. Duplicate or multiple reports must be avoided; moreover, corporate groups need the option to consolidate reports. A centralized "one-stop shop" process that also allows reports in English would significantly ease the burden on companies in this regard.

The VDA also rejects stricter deadlines and expanded manager liability beyond EU requirements. Instead, we call for clear rules for the delegation of tasks, safe harbor solutions, and a fair liability framework that creates legal certainty.

The BSI should provide understandable and practical guidance for implementing risk management obligations – as binding and as early as possible. This will enable companies to plan and act with confidence.

In addition, it should be possible to initiate security clearances for employees. Public administration should also be more closely involved in the directive in order to better limit systemic risks."